Re: [tor-talk] Layer-7 DoS Attack Against WWW Tor Hidden Service
- From: George Kadianakis <desnacked AT riseup.net>
- Subject: Re: [tor-talk] Layer-7 DoS Attack Against WWW Tor Hidden Service
- Date: Wed, 15 Nov 2017 14:26:36 +0200
- Cc: "tor-talk AT lists.torproject.org" <tor-talk AT lists.torproject.org>
- List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
- Reply-to: tor-talk AT lists.torproject.org
- Sender: "tor-talk" <tor-talk-bounces AT lists.torproject.org>
- To: bob1983 <bob1983 AT protonmail.com>
bob1983 <bob1983 AT protonmail.com> writes:
>>> Is there a way to limit resource usage originated from a single Tor circuit?
>> There is no such functionality right now I'm afraid. People have been
>> wanting some sort of functionality like that for a while:
>> but we haven't had time to develop/design something.
> The first possible solution that quickly came to my mind was to do what i2p was
> doing for years: assigning a placeholder IP address based on the 32-bit hash of
> the circuit ID. It is not an ideal countermeasure, but it does work for simple
> rate-limiting purposes and is compatible with existing IP-based applications and
> I've just checked the source code.
> and it turned out that this feature from i2p was actually based on this patch
> proposed in the tor-dev mailing list!
> [tor-dev] Patch: Hidden service: use inbound bind-address based on circuit ID
> I don't know if it's still worth trying this approach, or if developing a
> separate API should be the right way to go. Any other insights, anyone?
Thanks for this information bob1983. I opened ticket #24298 to handle
the generic issue of DoS attacks, and also opened #24299 to investigate
the I2P feature you mentioned. Hopefully we can find some time to work
on this, or it might give the community a place to design stuff.
I'm also wondering how the I2P community is using that feature. I have
asked some I2P friends and am waiting for answers.
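
The placeholder-address idea from the quoted message, as an added sketch that is not part of the original thread and is not Tor or I2P code: each circuit ID is hashed to 32 bits, mapped to a stable loopback address, and an ordinary per-IP token bucket then limits each circuit separately. The function names, the keyed BLAKE2s hash, the 127.0.0.0/8 mapping, the limiter parameters and the sample traffic are all assumptions made for illustration.

```python
import hashlib
import ipaddress


def circuit_placeholder_ip(circuit_id: int, secret: bytes) -> str:
    """Map a circuit ID to a stable placeholder address in 127.0.0.0/8 (assumed scheme)."""
    # Keyed 32-bit hash, so the mapping cannot be predicted without the secret.
    digest = hashlib.blake2s(circuit_id.to_bytes(8, "big"), key=secret, digest_size=4).digest()
    low24 = int.from_bytes(digest, "big") & 0x00FFFFFF  # loopback leaves 24 host bits
    if low24 in (0, 1, 0x00FFFFFF):  # skip network, 127.0.0.1 and broadcast
        low24 = 2
    return str(ipaddress.IPv4Address((127 << 24) | low24))


class PerAddressLimiter:
    """Plain token bucket keyed by source IP, as an IP-based application would use."""

    def __init__(self, rate: float, burst: int):
        self.rate, self.burst = rate, burst
        self.state = {}  # ip -> (tokens, timestamp of last request)

    def allow(self, ip: str, now: float) -> bool:
        tokens, last = self.state.get(ip, (float(self.burst), now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        allowed = tokens >= 1
        self.state[ip] = (tokens - 1 if allowed else tokens, now)
        return allowed


def simulate(requests, secret: bytes, rate: float = 1.0, burst: int = 5) -> dict:
    """Return the number of accepted requests per circuit ID."""
    limiter = PerAddressLimiter(rate, burst)
    accepted = {}
    for ts, circ in sorted(requests):
        if limiter.allow(circuit_placeholder_ip(circ, secret), ts):
            accepted[circ] = accepted.get(circ, 0) + 1
    return accepted


# Constructed sample traffic: circuit 1001 sends 50 requests within one second,
# circuit 2002 sends 3 requests over the same second.
SECRET = b"constructed-demo-secret"
SAMPLE = [(i * 0.02, 1001) for i in range(50)] + [(0.1, 2002), (0.5, 2002), (0.9, 2002)]

if __name__ == "__main__":
    print(simulate(SAMPLE, SECRET))
```

Two circuits whose hashes collide share one bucket, which is one reason the quoted message calls the approach "not an ideal countermeasure".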